Skip to content

build(deps): bump gorm.io/gorm from 1.25.12 to 1.30.0 in /core #492

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

build(deps): bump gorm.io/gorm from 1.25.12 to 1.30.0 in /core #492

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 26, 2025
edited
Loading

Bumps gorm.io/gorm from 1.25.12 to 1.30.0.

Release notes

Sourced from gorm.io/gorm's releases.

Release v1.30.0

Changes

Release v1.26.1

Changes

  • fix: int type variable defaultMaxSize overflows in 32-bit environment @​iTanken (#7439)

Release v1.26.0

Changes

... (truncated)

Commits
  • c44405a Implement Generics API (#7424)
  • 751c1d6 perf(schema): avoid redundant strings.ToLower call (#7464)
  • 8e7ab46 fix: return init dialector error (#7379)
  • e3037e4 perf: break early on match failure in ParseConstraint (#7402)
  • 1204330 feat: error message show field name (#7452)
  • 9703eb7 perf: use strings.IndexByte to replace strings.Index (#7454)
  • 1c966e0 perf: use strings.Cut to replace strings.SplitN (#7455)
  • e5b867e remove unnecessary session-level configuration for prepared statements
  • 8c4e8e2 fix: int type variable defaultMaxSize overflows in 32-bit environment (#7439)
  • a827495 Preparestmt use LRU Map instead default map (#7435)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump gorm.io/gorm from 1.25.12 to 1.30.0 in /core
e8543d7 
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.12 to 1.30.0.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](go-gorm/gorm@v1.25.12...v1.30.0)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-version: 1.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 26, 2025
@dependabot dependabot bot mentioned this pull request May 26, 2025
Closed
@modelorona
Copy link
Collaborator

modelorona commented Jun 17, 2025

@claude is there any issue with upgrading? consider any APIs that may have changed

@claude
Copy link
Contributor

claude bot commented Jun 17, 2025
edited
Loading

Claude finished @modelorona's task —— View job

GORM Upgrade Analysis

Analyzing the upgrade from GORM v1.25.12 to v1.30.0 for potential compatibility issues.

Todo List:

  • Read repository setup instructions
  • Search for GORM usage patterns in the codebase
  • Analyze GORM release notes for breaking changes
  • Test compilation and identify potential issues
  • Provide final assessment and recommendations

Analysis Results

Current GORM Usage in WhoDB

The codebase makes extensive use of GORM through a plugin architecture:

  • Database Plugins: MySQL, PostgreSQL, SQLite3, and ClickHouse all use GORM
  • Core Operations: Standard GORM methods like .Raw(), .Table(), .Scan(), .Where(), .Limit(), .Offset()
  • Connection Management: Uses a plugins.WithConnection() helper for database operations
  • Custom Queries: Extensive use of raw SQL queries with GORM's .Raw() method

Key Changes in GORM v1.30.0

Likely Safe Changes:

  • Performance improvements in schema parsing (strings.ToLower optimization)
  • Better error messages that show field names
  • Performance optimizations using strings.Cut and strings.IndexByte
  • Bug fixes for concurrent map writes
  • Memory leak fixes in PrepareStatementDB

⚠️ Potential Concerns:

  1. Generics API Implementation - The release notes mention "(WIP) Implement Generics API" which suggests:

    • This is a work-in-progress feature
    • Could introduce breaking changes in future versions
    • May affect type safety and method signatures

  2. Error Handling Changes - New error handling improvements might change error types or messages

  3. Prepared Statement Changes - Changes to prepared statement handling could affect performance or behavior

Compatibility Assessment

LOW RISK - The upgrade should be safe because:

  1. No Breaking API Changes: The current usage patterns in WhoDB are all standard GORM operations that haven't changed
  2. Backward Compatibility: GORM typically maintains backward compatibility for core methods
  3. Performance Focus: Most changes are performance improvements rather than API changes
  4. Plugin Architecture: WhoDB's plugin-based approach isolates GORM usage, making it easier to fix any issues

Recommendations

  1. ✅ Proceed with Upgrade - The benefits outweigh the risks
  2. 🧪 Test Thoroughly - Run comprehensive tests, especially:
    • Database connection pooling
    • Raw SQL query execution
    • Multi-database plugin functionality
    • Error handling paths
  3. 📊 Monitor Performance - The performance improvements should be measurable
  4. 🔄 Watch for Follow-up Releases - Since Generics API is WIP, monitor future releases for stability

Next Steps

If you decide to merge this PR, I recommend running your full test suite and monitoring the application closely for any unexpected behavior, particularly around database operations and error handling.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jun 17, 2025

Looks like gorm.io/gorm is up-to-date now, so this is no longer needed.

@dependabot dependabot bot closed this Jun 17, 2025
@dependabot dependabot bot deleted the dependabot/go_modules/core/gorm.io/gorm-1.30.0 branch June 17, 2025 05:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@modelorona